Senior Cybersecurity Engineer (Hybrid or Remote)

Job Location

Redwood City - USA

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

The Role:

At Q Bio, we are transforming healthcare by combining AI, Physics, and Biology to automate the physical exam, making preventive, personalized care accessible to all. We are hiring a Senior Cybersecurity Engineer to join our dynamic team, focusing on embedding security throughout our product lifecycle. You will be instrumental in designing, building, automating, and maintaining the secure deployment and monitoring of our cutting-edge products.
$170,000 - $200,000 a year

What You Will Do:

Product & Medical Device Security (FDA Regulated Environment):

Secure Software Development Lifecycle (SDLC): Integrate security best practices and tools into every phase of the product development lifecycle, from design and requirements to coding, testing, and deployment.
Threat Modeling & Risk Analysis: Lead and perform threat modeling and security risk analysis (per ISO 14971) for new and existing medical device software.
FDA & Regulatory Compliance: Author, review, and own all cybersecurity-related documentation for regulatory submissions (e.g. FDA 510(k) pre-market and post-market management plans). Ensure our products and processes align with the latest FDA guidance, IEC 62304, and other relevant medical device security standards.
Regulatory Interface: Serve as the primary cybersecurity subject matter expert (SME) for regulatory interactions, including responding to questions during FDA submissions and representing the company's cybersecurity posture during audits.
Security Requirements Definition: Partner with Product Management, Engineering, and Quality teams to define and document security requirements, controls, and architecture for our medical device platforms.
Vulnerability Management & Penetration Testing: Manage and coordinate third-party penetration testing and internal vulnerability assessments of our products. Develop and oversee the remediation action plan.
Incident Response: Develop, implement, and maintain an incident response plan for product-related security events, including vulnerability disclosure policies.

Corporate Security & Compliance:

Continuous Security Assessment & Strategy: Continuously assess the company's security posture against evolving business needs and emerging threats. Identify relevant security standards (e.g. SOC 2, HIPAA, NIST CSF), perform regular gap analyses, and own the strategic roadmap for assessment, implementation, and improvement.
Compliance Frameworks (SOC 2 / HIPAA): Lead the initiative to achieve and maintain SOC 2 certification for our platform and business operations. Develop and manage the security controls and policies required for SOC 2 and HIPAA Security Rule compliance.
Corporate Security Governance: Develop, implement, and enforce company-wide information security policies, procedures, and standards.
IT & Cloud Security: Conduct security architecture reviews and risk assessments of our corporate IT and cloud infrastructure (AWS/GCP/Azure). Implement and manage security controls to protect corporate data and systems.
Vendor & Third-Party Risk Management: Establish and manage a program to assess and monitor the security posture of third-party vendors and partners.
Identity & Access Management (IAM): Oversee and improve the company's IAM policies and solutions to ensure the principle of least privilege is maintained.

What You Will Bring:

5 years of experience in cybersecurity with at least 3-5 years in a hands-on senior or lead role.
Proven experience in a regulated industry, with a strong preference for MedTech (medical devices), HealthTech, or Life Sciences.
FDA Expertise: Demonstrated hands-on experience with FDA cybersecurity guidance for medical devices, contributing to the cybersecurity sections of regulatory submissions (e.g. 510(k), PMA), and acting as a subject matter expert in direct interactions with regulatory bodies (e.g. responding to submission questions, participating in audits).
Compliance Expertise: Direct experience leading or playing a primary role in achieving and maintaining SOC 2 and/or HIPAA compliance.
Product Security: Strong experience with application security, secure SDLC practices, threat modeling (e.g. STRIDE), and vulnerability management for software products.
Cloud Security: Deep knowledge of securing cloud environments and services (AWS, GCP, or Azure).
Technical Skills: Proficiency with security assessment tools, IAM systems, endpoint protection, and network security concepts.
Bachelor's degree in Computer Science, Information Security, or a related field.
Relevant professional certifications are highly desirable (e.g. CISSP, CISM, HCISPP, CSSLP).


Required Experience:

Senior IC

Employment Type

Full Time
